Hacktool.Crack Found by AVG After memory write errors

Status
Not open for further replies.

echu1989

Hi all:

SYMPTOMS
- I have Symantec Antivirus installed and I am not sure if this is related but 2 days ago Symantec started acting odd. If I tried to right click a file or folder it would try to install something for Symantec.

I uninstalled Symantec and turned on my Zonealarm Antivirus and made sure my virus defs were up to date. I did a scan and it did not find anything.

Things seemed OK

- I then downloaded a keygenerator that apparently had the hacktool.crack virus. I now know how stupid this was :(

- The following day after that download about 2PM, my laptop went nuts. I got repeated "Windows could not write" type errors for everything that would try to run in my system tray.

WHAT DID I DO ONCE MY PC WENT NUTS?

- I read that AVG was a great tool so I downloaded the Anti-malware and virus trial tool, installed it and ran it. It found Hacktool.crack.

- I went to another PC and found this wonderful forum and another thread on Hacktool.crack. That led me to the detailed malware removal thread.

I followed those instructions with one exception. I noticed that when I went to install the AVG Anti-spyware it was from last year, so I assumed that a scan from the latest AVG Anti Virus/Malware would be sufficient. If not, please let me know and I will install and run the suggested tool.

- AVG Found 10 infections on my last scan while in safe mode. I also made sure there were no hidden files as instructed before running that scan.

- I then ran Hijack This and ComboFix.

I have attached my logs.

Am I clean and is there anything else I should do?

Thank you for help!!
 
Hello and welcome to Techspot.

Have HJT fix the following entries, if you don't know what they are.

O1 - Hosts: 158.187.0.173 atmsr37

O16 - DPF: {3591A50E-18FD-42BC-8D10-6C93BDAF2DA0} (Data Dynamics #Grid 2.0 (OLEDB)) - https://control.itsupport247.net/components/SG20o.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{636F7B10-5037-4588-B78C-5B5DE67D5DCB}: Domain = rck.atm.lmco.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rck.atm.lmco.com,global.lmco.com,ems.lmco.com,vf.lmco.com,orl.lmco.com,den.lmco.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rck.atm.lmco.com,global.lmco.com,ems.lmco.com,vf.lmco.com,orl.lmco.com,den.lmco.com

Go HERE and follow the instructions for AVG Antispyware and Panda Antirootkit.

Post an AVG Antispyware log and let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of echu1989 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thank You.

I downloaded and am running AVG Antispyware as I type this.

Last night I downloaded AVG Antirootkit Free and ran a full scan. It did not find anything.

Would you still like me to run a Panda AntiRootkit too after the AntiSpyware completes?

Thanks...
 
Thanks for your input Howard - interested to know what you used to find those items as risky: the german diagnostics tool I ran said they were OK.
 
I didn't say they were risky, only that they should be fixed if it wasn't known what they were. ;)

Regards Howard :)

 
AVG AntiSpyware Log

Here is my AVG AntiSpyware Log. After saving the log and bringing it over here I realized I saved my log before taking actions.

All detections were deleted except for the Trojan.phprun (this was quarantined).

Sorry for not following the instructions exactly. If I need to run this again, just let me know.

*Update*

The Panda Rootkit scanner found no rootkits.

I hope this means I should have a clean laptop again?

Thank you!
 
Ok, delete the file in AVG Antispyware quarantine. Other than that, the log file is clean.

I await the results of the Panda Antirootkit scan. Just be sure not to fix any Unknown rootkits (if found) at this stage. Known rootkits can of course be fixed, if any are detected. In Panda Antirootkit, known rootkits will already be ticked for removal.

Regards Howard :)

 
In that case, it looks like you're good to go.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 